create-user-key-store.sh: gpg key creation updates

- code style fixup - remove gen_rpm_keyring script - check gpg version Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
author: Lans Zhang <jia.zhang@windriver.com> 2017-08-11 16:39:22 +0800
committer: Lans Zhang <jia.zhang@windriver.com> 2017-08-11 16:39:22 +0800
commit: 4a676cd301ef96ab556a5abb35771760060fb5f3 (patch)
tree: 990ccb536a6035dc563fbc1368dd4fea95288295
parent: 104a01a25d106fe8ed8e344bd4fb96d323afe3d1 (diff)
download: meta-secure-core-4a676cd301ef96ab556a5abb35771760060fb5f3.tar.gz
2 files changed, 34 insertions, 20 deletions
diff --git a/meta-signing-key/scripts/create-user-key-store.sh b/meta-signing-key/scripts/create-user-key-store.sh
index e5f754a..85d6965 100755
--- a/meta-signing-key/scripts/create-user-key-store.sh
+++ b/meta-signing-key/scripts/create-user-key-store.sh
@@ -187,28 +187,50 @@ create_ima_user_key() {
 }
 create_rpm_user_key() {
+    local gpg_ver=`gpg --version | head -1 | awk '{ print $3 }' | awk -F. '{ print $1 }'`
+    if [ x"$gpg_ver" != x"1" ]; then
+        echo "gpg version 2 is not supported"
+        exit 1
+    fi
    local key_dir="$RPM_KEYS_DIR"
-    local gpg=""
    [ ! -d "$key_dir" ] && mkdir -p "$key_dir"
-   gpg --batch --gen-key gen_rpm_keyring
+    local gpg_key_name="SecureCore"
+    local priv_key="$key_dir/RPM-GPG-PRIVKEY-$gpg_key_name"
+    local pub_key="$key_dir/RPM-GPG-KEY-$gpg_key_name"
+    cat >"$key_dir/gen_rpm_keyring" <<EOF
+Key-Type: RSA
+Key-Length: 2048
+Name-Real: $gpg_key_name
+Name-Comment: RPM Signing Certificate
+Name-Email: $gpg_key_name@foo.com
+Expire-Date: 0
+%pubring $pub_key.pub
+%secring $priv_key.sec
+%commit
+%echo RPM keyring $gpg_key_name created
+EOF
+    gpg --batch --gen-key "$key_dir/gen_rpm_keyring"
-   gpg="gpg --no-default-keyring --secret-keyring \
+    gpg="gpg --no-default-keyring --secret-keyring \
-        ./rpm_keyring.sec --keyring ./rpm_keyring.pub"
+        $priv_key.sec --keyring $pub_key.pub"
-   $gpg --list-secret-keys
+    $gpg --list-secret-keys
-   print_error "Please type passwd to modify the passphrase, and type quit to exit"
+    print_error "Please type passwd to modify the passphrase, and type quit to exit"
-   $gpg --edit-key "RPM Signing Certificate"
+    $gpg --edit-key "$gpg_key_name"
-   $gpg --export --armor "RPM Signing Certificate" \
+    $gpg --export --armor "$gpg_key_name" > "$pub_key"
-       > "$key_dir/RPM-GPG-KEY-SecureCore"
+    $gpg --export-secret-keys --armor "$gpg_key_name" > "$priv_key"
-   $gpg --export-secret-keys --armor "RPM Signing Certificate" \
-       > "$key_dir/RPM-GPG-PRIVKEY-SecureCore"
-   rm -f ./rpm_keyring.sec ./rpm_keyring.pub
+    rm -f "$key_dir/gen_rpm_keyring"
+    rm -f "$priv_key.sec" "$pub_key.pub"
 }
 create_user_keys() {
diff --git a/meta-signing-key/scripts/gen_rpm_keyring b/meta-signing-key/scripts/gen_rpm_keyring
deleted file mode 100644
index 6b4c74e..0000000
--- a/meta-signing-key/scripts/gen_rpm_keyring
+++ /dev/null
@@ -1,8 +0,0 @@
-Key-Type: RSA
-Key-Length: 2048
-Name-Real: RPM Signing Certificate
-Expire-Date: 0
-%pubring rpm_keyring.pub
-%secring rpm_keyring.sec
-%commit
-%echo RPM keyring created
author	Lans Zhang <jia.zhang@windriver.com>	2017-08-11 16:39:22 +0800
committer	Lans Zhang <jia.zhang@windriver.com>	2017-08-11 16:39:22 +0800
commit	4a676cd301ef96ab556a5abb35771760060fb5f3 (patch)
tree	990ccb536a6035dc563fbc1368dd4fea95288295
parent	104a01a25d106fe8ed8e344bd4fb96d323afe3d1 (diff)
download	meta-secure-core-4a676cd301ef96ab556a5abb35771760060fb5f3.tar.gz